package SV_XSS_DB;

import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.ServletOutputStream;

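public class Example {
    /**
     * Looks up the stored comment for {@code user} and writes it to the response as
     * {@code "Comments: " + comment}.
     *
     * <p>The query side is safe: {@code user} is bound as a {@link PreparedStatement}
     * parameter, never concatenated into SQL. The output side was not: the original wrote
     * the comment fetched from the database verbatim, so any markup a user had managed to
     * store would be echoed to every reader of the page (stored XSS). The value is now
     * HTML-escaped before it is written. This assumes the response is rendered as HTML
     * (the package name suggests this is an XSS case); if the content type is
     * {@code text/plain} the escaping is unnecessary but harmless.
     *
     * <p>Also fixed: the original called {@code getString} on a fresh {@link ResultSet}
     * without {@code next()}, which throws because the cursor starts before the first row,
     * and it closed neither the statement nor the result set.
     *
     * @param conn open JDBC connection; it is not closed here, the caller owns it
     * @param out  response stream to write to
     * @param user user whose comment is looked up; bound as a query parameter
     * @throws SQLException if the query fails
     * @throws IOException  if writing to {@code out} fails
     */
    protected void printComment(Connection conn, ServletOutputStream out, String user)
            throws SQLException, IOException {
        // try-with-resources closes the ResultSet and then the PreparedStatement even when
        // executeQuery or the write throws; the original leaked both.
        try (PreparedStatement pr = conn.prepareStatement("SELECT * FROM comms WHERE user = ?")) {
            pr.setString(1, user);
            try (ResultSet rs = pr.executeQuery()) {
                // No row (or a NULL column) yields an empty comment instead of an
                // SQLException / the literal text "null".
                String comment = rs.next() ? rs.getString("comment") : null;
                // NOTE(review): ServletOutputStream.println(String) is not charset-aware
                // (per the servlet API it writes one byte per char); comments with
                // non-Latin-1 characters would need the response Writer instead. The
                // signature is kept as-is here — confirm with the caller.
                out.println("Comments: " + escapeHtml(comment));
            }
        }
    }

    /**
     * Minimal HTML escaper (the JDK has no built-in one). Replaces the five characters
     * that can break out of element text or a quoted attribute value:
     * {@code & < > " '}. A {@code null} input yields an empty string.
     *
     * @param s raw text, possibly null
     * @return text safe to embed in HTML element content or a quoted attribute
     */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':
                    sb.append("&amp;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '\'':
                    // &#39; rather than &apos; — the latter is not defined in HTML 4.
                    sb.append("&#39;");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }
}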
